Re: Problems connecting to OpenLDAP-2.2.17 with Kerberos (ldapclient).
On Wed, Nov 03, 2004 at 07:35:15PM +0000, Lewis Thompson wrote:
> > > > > Miscellaneous failure (see text) (Server (krbtgt/168.0.1@DOMAIN.COM) unknown)
> > > > ^^^^^^^
> > > > There seems to be a typo somewhere in your config. Perhaps in /etc/hosts, or your
> > > > DNS, or resolver.
> > >
> > > That's what I thought. I've checked everywhere I can think of. The
> > > only kerberos DNS entry I have now is:
> >
> > Is the output of the "hostname" command OK? For some reason your gssapi library is
> > thinking your hostname is 168.0.1. It should not even be an IP address, but an FQDN.
>
> % hostname
> server.domain.com
>
> I'm really confused how it has got an IP address. Out of curiosity
> why has it cropped the least significant part of the FQDN? Is that
> because it is expecting server.domain.com but wants just domain.com?
Oh wait, 168.0.1 is the REALM part of your ticket, not your hostname. Sorry for
the confusion. I was thinking in terms of service tickets, like ldap/fqdn-ldap-server@REALM.
I guess you have some problem with krb5.conf, perhaps in the [domain_realm] section
if you are using MIT Kerberos. Try something like:

    [domain_realm]
        .domain.com = DOMAIN.COM
        domain.com = DOMAIN.COM
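
Added example, not part of the original message and not MIT's code: a simplified model of the [domain_realm] lookup (exact host name, then parent domains, then the upper-cased domain portion of the name as the fallback). The input 192.168.0.1 is an assumption, chosen because the fallback turns it into the "168.0.1" realm seen in the error; the function names and the sample file are constructed for illustration.

```python
# Simplified model of MIT Kerberos host-to-realm mapping via [domain_realm].
# SAMPLE_KRB5_CONF is constructed sample input, not the poster's real file.
SAMPLE_KRB5_CONF = """\
[libdefaults]
    default_realm = DOMAIN.COM

[domain_realm]
    .domain.com = DOMAIN.COM
    domain.com = DOMAIN.COM
"""

def parse_domain_realm(conf_text):
    """Return the [domain_realm] entries of a krb5.conf as a dict."""
    mapping, in_section = {}, False
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":        # blank line or comment
            continue
        if line.startswith("["):               # a new section begins
            in_section = line.lower() == "[domain_realm]"
        elif in_section and "=" in line:
            key, _, realm = line.partition("=")
            mapping[key.strip().lower()] = realm.strip()
    return mapping

def realm_for_host(host, mapping):
    """Return (realm, how); how is 'mapped' or 'fallback'."""
    name = host.lower().rstrip(".")
    candidate = name
    while candidate:
        if candidate in mapping:
            return mapping[candidate], "mapped"
        if candidate.startswith("."):          # ".domain.com" -> "domain.com"
            candidate = candidate[1:]
        else:                                  # "server.domain.com" -> ".domain.com"
            dot = candidate.find(".")
            candidate = candidate[dot:] if dot != -1 else ""
    # No entry applied: the realm becomes the name's domain portion, upper-cased.
    _, _, domain = name.partition(".")
    return domain.upper(), "fallback"

if __name__ == "__main__":
    entries = parse_domain_realm(SAMPLE_KRB5_CONF)
    for host in ("server.domain.com", "192.168.0.1"):
        print(host, "->", realm_for_host(host, entries))
```

A "fallback" result that looks like part of an IP address indicates the client was given an address instead of an FQDN, which a [domain_realm] entry for the domain will not catch.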